Questions tagged [forensics]

Computer forensics works to analyze information on computer systems in an attempt to find evidence regarding certain actions of a process, application, user or computer to determine the source of change within a host, network or device.

Often used within the Information Security field to specifically refer to Digital Forensics. This sub-specialty of forensics science came to being largely in the 1990s as technology began encroaching deeper into society at large. Much like other forensic sciences, the principle goal is to apply the scientific method to the collection and analysis of information stored in digital formats. While primarily used as part of legal investigations, the same tools and methods are frequently engaged as part of an incident response procedure when technical assets are involved.

501 questions
13 votes, 2 answers

Why is it so hard to close onion domains (e.g. The Silkroad)?

A few months ago when I started to experiment with bitcoin I came across The Silkroad (only accessible via Tor). For those who do not know what Tor is and who do not want to waste their time installing and checking what is there - you can read this…
Salvador Dali
12 votes, 2 answers

Do XSS attempts leave any trace on the server?

If I do a test with a classic , does the website owner see my attempt? Does XSS leave some trace behind? I will try to build a little server on my Ubuntu with a bunch of websites to test something. Where could I find the…
onec0de
10 votes, 1 answer

Looking for signs of forensics - Assuming they didn't do the smart thing

I'm getting my hands on a system (one laptop, one hard drive) that was in the custody of a LEO for a fairly significant period of time. The laptop runs Windows XP Professional, with a recovery partition, and the hard drive is a 2.5 inch 40 GB drive…
Faileas Grey
10 votes, 6 answers

Scanning for files that have been encrypted by CryptoLocker

I am just asking in case someone has already done the analysis. A customer has a large set of network drives that were mapped to a CryptoLocker infected machine. The infection itself has been treated. I am looking for a tool or just a binary pattern…
Paul Doom
10 votes, 3 answers

Is there an easy way to see a log of SCP activity on a server (ala /var/log/secure for ssh login)?

On Linux systems, /var/log/secure (or similar, depending on distro) shows all SSH login activity. Is there a similar log for SCP? If not, what's a good approach to enabling logging of scp activity on my servers? Is it SELinux through…
JJC
10 votes, 2 answers

Methods of cold boot attacks in the wild

As far as I know, there are two methods for performing cold boot attacks: Reboot the system into an alternate operating system or BIOS with a minimal memory footprint which automatically exports memory to persistent media. Physically remove the…
forest
10 votes, 2 answers

Magnet to wipe HDD

This question is for HDD, not SSD. Would a Neodymium magnet like this one be strong enough to wipe the contents of a hard disk drive? How long would such an act take to destroy any data so it's not recoverable? Would it be possible to format and…
k1308517
10 votes, 1 answer

What is it called when you give hackers a way in?

Is there a name for a system that is designed to be hacked into? (Alternatively, there may be a different name for a system that is designed to look like it is hacked in to, but is actually just emulating?) And is there a name for an executable that…
700 Software
9 votes, 3 answers

How to find passwords in memory (password managers)

I’m trying to figure out if password managers such as LastPass store passwords in plain text (or hash values that can then be decrypted with the master-password) in memory after a user logs into the browser/extension. I’m trying to find academic…
octo-carrot
9 votes, 3 answers

Finding artifacts of software

I was wondering if there is an established way to know what a particular program running on a system might leave behind (in terms of changes to a filesystem, such as in Linux). I am thinking of this along similar lines to how I think a forensics…
user45195
9 votes, 4 answers

How does forensic software detect deleted files

How does forensic software detect deleted files? When a file is deleted, the pointer in the MFT of an NTFS system is deleted and the file is no longer accessible from the OS. If our disk is fragmented, how can software like Autopsy or Recuva detect where…
user46850
9 votes, 4 answers

Why is it so hard to trace origins of DDOS attacks?

According to the July 2009 cyber attacks Wikipedia article, US & South Korean governments suffered a DDOS attack on their websites. However, up till now they have not been able to find any substantial evidence to prove who the culprit is. Why is it…
Computernerd
9 votes, 5 answers

Forensic research: What OS to use

I have been given an assignment from my school, in which I have been given a virtual image of a compromised system. The first thing I need to do is set up an environment in which we can mount the image. I need to choose an OS, and I was wondering: What…
Black Magic
9 votes, 3 answers

How to manually check for rootkits on a server

Does anyone have a general step-by-step list on how to try to discover rootkits on a Linux or Solaris server? I'm looking to manually find the rootkit, not by automated software. For example: Places to look for suspicious files? Search commands…
Chris Dale
9 votes, 2 answers

How do I forensically determine whether a mobile phone has been infected with a spy suite?

What is the best way of forensically determining that spyware software has been installed on the phones without making any changes to the phone(s)? I have Blackberry and iPhone 4 phones that are suspected of having spysuite software (CellSpyNow)…
Callum Wilson